09/19/2013
CLOCK TICKING FOR MEDICAL PROVIDERS
Sept. 23 marks a serious wake-up call for the health care community. HIPAA’s Final Omnibus Rule dictates enhanced privacy protections, new rights to health care information, and significant penalties for violating the rule.
Regulators will be required to impose hefty fines of up to $1.5 million on those who violate the data protections required under the rule.
Why is the medical community such a hot target? The answer is in the records it keeps. Medical records contain valuable personal information — Social Security numbers, birth and death dates, family information, and billing information. And yet, it’s the only area where a medical organization leaves the decision entirely up to the employee — that is, whether to destroy such a document or merely toss it into the trash.
At a recent convention for the document-destruction industry, Bob Johnson, CEO of the National Association for Information Destruction, advised that medical providers are wise to adopt a “shred everything, all the time, in the same manner” policy.
The trend for increased enforcement is seen in the nightly news. The widespread media coverage is evident in cases such as the one against Massachusetts Eye and Ear Associates Inc. The defendant agreed to pay $1.5 million to settle potential violations of HIPAA.
In another case, a North Idaho nonprofit was fined $50,000 for a breach that affected fewer than 500 people.
In a case against the Alaska Department of Health and Social Services, the Department agreed to pay $1.7 million to settle a HIPAA case involving a USB drive possibly containing electronic protected health information.
The American Medical Association states: “Clearly, physicians will need to develop a plan to make these required changes in a timely fashion.”
For a more in-depth look at the new Final Omnibus Rule and how to comply with it, please visit shredwithme.com.
By: Dawn R. Connelly, Esq.
© 2013 TCPalm. All rights reserved.